⚠️ Important incoming update for VadeM365 and VadeCloud

This modification impacts the intakes VadeM365 and VadeCloud.

To prevent IP blocking issues with Vade APIs due to repeated authentication errors, we are modifying the following behavior with these 2 intakes:

  • Before: Authentication errors were considered as ERROR level
  • After: Authentication errors will be considered as CRITICAL level

This means that after 5 failed authentication attempts, the intake will be stopped automatically.
A grace period of 30 minutes applies: if no new errors occur for 30 minutes, the error counter is reset to zero.
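The counter and grace-period logic described above, modelled as an added Python example (not Vade's or Sekoia's code); the class and function names are hypothetical, and it assumes only authentication errors count toward the threshold while any error keeps the grace window open.

```python
import logging
from dataclasses import dataclass, field
from typing import Optional

MAX_CRITICAL_ERRORS = 5          # five failed authentications stop the intake
GRACE_PERIOD_SECONDS = 30 * 60   # 30-minute grace period before the counter resets


class AuthenticationError(Exception):
    """Raised when the vendor API rejects the intake's credentials (hypothetical name)."""


@dataclass
class IntakeErrorGuard:
    """Tracks CRITICAL (authentication) errors and decides when to stop the intake."""
    critical_count: int = 0
    last_error_at: Optional[float] = None   # epoch seconds of the most recent error of any kind
    stopped: bool = False
    log: logging.Logger = field(default_factory=lambda: logging.getLogger("intake"))

    def record(self, exc: Exception, now: float) -> bool:
        """Classify exc, update the counter and return True when the intake must stop."""
        # Grace period: no error for 30 minutes resets the counter (assumption: any
        # error, not only an authentication error, keeps the window open).
        if self.last_error_at is not None and now - self.last_error_at >= GRACE_PERIOD_SECONDS:
            self.critical_count = 0
        self.last_error_at = now

        if not isinstance(exc, AuthenticationError):
            # Other failures stay at ERROR level and do not count toward the threshold.
            self.log.error("intake error: %s", exc)
            return self.stopped

        # Authentication failures are now CRITICAL and counted.
        self.log.critical("authentication failed: %s", exc)
        self.critical_count += 1
        if self.critical_count >= MAX_CRITICAL_ERRORS:
            self.stopped = True   # stop polling so the API does not block our IP
        return self.stopped
```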

🗓️ This update will be applied on Wednesday 13th around 12:00 CET.

Integrations Team,

What do you think about this update?
Integrations updates 🗞️

🗞️ A recap of new intakes and new automations added to our Integration catalog and some improvements on HarfangLab.

New Intakes

New Automations

  • New SentinelOne EDR actions (initiate scan, Update Threat Incident, Create Threat Note and Create Iocs)
  • New WithSecure EDR actions (kill thread, kill process and enumerate processes)
  • New Sophos EDR actions (isolate endpoint, deisolate endpoint and scan)
  • Improvement of the trigger Alert Comment Created: the trigger now returns the comment UUID, comment content, comment date and comment author UUID

HarfangLab

New fields parsed in HarfangLab events:

  • action.properties.CertIssuerName
  • action.properties.CertSerialNumber
  • action.properties.CertThumbprint
  • action.properties.PreAuthType
  • action.properties.ServiceName
  • action.properties.ServiceSid
  • action.properties.TicketEncryptionType
  • action.properties.TicketOptions
New integration Thinkst Canary [BETA]

Thinkst Canary [BETA]

  • Thinkst Canary is a deception technology that helps detect attackers on your network before they can do any damage
  • Collect accurate alerts from Canaries into Sekoia to detect intruders and block cyber-attacks (learn more)
Integrations Fastly Next-Gen WAF Audit Logs and Veeam Backup & Replication in GA

Integrations Fastly Next-Gen WAF Audit Logs and Veeam Backup & Replication are now available in GA.

Fastly WAF

  • Collect Corp audit logs and Site audit logs to monitor unusual admin activity in your WAF (learn more)

Veeam Backup & Replication

  • Collect Application, File, Network and Service logs to monitor your critical backup and replication systems (learn more)
New integrations available for ESET, Juniper, Azure, EfficientIP and Sesame it 🎉

Five new integrations entered our Intake catalog in BETA.

ESET Protect / Inspect [BETA]

  • This integration is available for Cloud and On-prem versions.
  • Collect alerts and telemetry into Sekoia to improve your visibility and monitor your endpoints closely (documentation)

Juniper Switches [BETA]

  • Collect firewall logs from Juniper Switches into Sekoia (documentation)

Azure Application Gateway [BETA]

  • Collect access and firewall logs from Azure Application Gateway into Sekoia (documentation)

Efficient IP [BETA]

  • Collect DNS logs from EfficientIP SOLIDserver into Sekoia to leverage our CTI (documentation)

Sesame it Jizô NDR [BETA]

  • Jizô NDR is a network observability platform that enables decision-makers to anticipate, identify and block cyber-attacks
  • Collect logs from Jizô NDR into Sekoia (documentation)
New integrations: Bitsight and Mimecast

New integrations Bitsight SPM and Mimecast Email Security have entered BETA phase.

Bitsight SPM [BETA]

  • Collect findings with vulnerability and asset details into Sekoia (documentation).

Mimecast Email Security [BETA]

New integrations: Daspren Parad 🇫🇷 and Nybble Security 🇫🇷

We are excited to welcome 2 amazing French security products.

Daspren Parad [BETA]

  • Daspren is the only Data Detection and Response (DDR) solution that integrates detection and blocking of cyber attacks
  • Collect logs from Daspren Parad into Sekoia (documentation)

Nybble Security

  • Nybble is a community-based cyber defense service that provides alert triage and incident management thanks to the world’s first qualified analyst network
  • Automatically create an alert in Nybble Hub when a new alert is raised in SEKOIA.IO (documentation)
  • A playbook template is available to quickly set up an automation
[Intakes] DNS bug fixes

We fixed 2 issues related to the parsing of DNS values to improve CTI Detection.

SentinelOne CloudFunnel

On macOS, SentinelOne CloudFunnel could sometimes return a DNS value that was incompatible with our CTI detection.
Before: dns.question.name = "type: 1 example.com"
Now: dns.question.name = "example.com"

Cisco Umbrella DNS

Cisco Umbrella DNS returned a DNS value that did not match our CTI detection because of the trailing dot.
Before: dns.question.name = "example.com."
Now: dns.question.name = "example.com"
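The two normalisations above (the "type: N " prefix from SentinelOne CloudFunnel and the trailing dot from Cisco Umbrella), as an added Python example rather than the Sekoia parser itself; the function names and the indicator set are constructed, and it also lower-cases the name, which the page does not mention.

```python
import re

# Matches the record-type prefix CloudFunnel emitted on macOS, e.g. "type: 1 example.com"
# (1 is the A record type; the pattern accepts any numeric type).
_S1_TYPE_PREFIX = re.compile(r"^type:\s*\d+\s+")


def normalize_question_name(raw: str) -> str:
    """Turn a raw dns.question.name into the bare domain used for CTI matching."""
    name = raw.strip()
    name = _S1_TYPE_PREFIX.sub("", name)   # SentinelOne CloudFunnel fix
    name = name.rstrip(".")                # Cisco Umbrella FQDN trailing dot fix
    return name.lower()                    # DNS names are case-insensitive (added here)


# Constructed indicator set standing in for the CTI feed.
INDICATORS = {"example.com"}


def matches_cti(raw: str) -> bool:
    """True when the normalised question name is a known indicator."""
    return normalize_question_name(raw) in INDICATORS


if __name__ == "__main__":
    for raw in ("type: 1 example.com", "example.com.", "other.example.org."):
        print(f"{raw!r:28} -> {normalize_question_name(raw)!r:16} match={matches_cti(raw)}")
```

Without the normalisation, both raw values fail the exact-match lookup against INDICATORS even though they name the same domain.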

Integration catalog updates 🎉

New integrations Azure Key Vault and Ubika Cloud Protector Traffic have entered BETA phase.
Five Endpoint integrations are now in General Availability.

Azure Key Vault [BETA]

  • Collect audit logs into Sekoia to monitor your organization cryptographic keys and secrets (documentation).

Ubika Cloud Protector Traffic [BETA]

  • Collect web logs into Sekoia to leverage our CTI and built-in detection rules (documentation).

Checkpoint Harmony Mobile [GA]

  • Collect alerts into Sekoia to improve your visibility on mobile devices (documentation).

Crowdstrike Falcon Telemetry [GA]

  • Collect telemetry into Sekoia to monitor your endpoints closely (documentation).

Palo Alto Cortex EDR [GA]

  • Collect alerts and telemetry to improve your visibility and monitor your endpoints closely (documentation).

SentinelOne Cloud Funnel 2.0 [GA]

  • Collect telemetry to monitor your endpoints closely (documentation).

Stormshield SES [GA]

  • Collect telemetry to monitor your endpoints closely (documentation).
New Integrations of April 🎉

Here is a recap of the integrations that joined our catalog in April.

Fastly WAF [BETA]

  • Collect WAF alerts into Sekoia for better visibility (documentation).
  • Collect Corp audit logs and Site audit logs to monitor unusual admin activity in your WAF (documentation).

Olfeo Secure Web Gateway [BETA]

  • Collect network logs into Sekoia to leverage our CTI and our built-in detection rules (documentation).

Ubika Cloud Protector [BETA]

  • Collect WAF alerts into Sekoia for better visibility (documentation).

Systancia Cleanroom [BETA]

  • Collect authentication logs from Systancia PAM (Privileged Access Management) to leverage our CTI and monitor critical resources (documentation).
🎉 New integrations available! 🎉

We're thrilled to announce new integrations available on our platform, enhancing your security operations and threat detection capabilities.

  1. AWS CloudFront is now in BETA! Seamlessly integrate this powerful CDN service from Amazon Web Services for secure content delivery with low latency. Learn more here.

  2. Palo Alto Cortex XDR (EDR) integration is also in BETA! Collect alerts and associated telemetry events in real time for improved threat detection and response. Dive deeper here.

  3. Introducing Broadcom Cloud Secure Web Gateway and Broadcom Edge Secure Web Gateway both in BETA! Enhance your security posture with these cloud-native and on-prem solutions providing advanced threat protection and content filtering. Explore more here and here respectively.

  4. Crowdstrike Falcon For Mobile is now generally available (GA)! Gain insights into alerts detected on iOS and Android mobile devices. Find out more here.

Stay tuned for more updates and integrations to fortify your security infrastructure! For detailed documentation on each integration, visit our integration docs page.

Update of intake F5 BIG-IP

Changelog:

  • Add support for F5 BIG-IP APM, LTM, AFM and PSM
  • Extract the timestamp from the event if available
  • Extract the name of the F5 BIG-IP rule applied if available
  • event.type = info (currently "undefined")
  • event.category* = network (currently "Successful Request")
  • observer.type** = firewall (currently "ASM")
  • observer.product = ASM (currently "undefined")

Remarks:
*The previous value of “event.category” was moved to “event.action”
**The previous value of “observer.type” was moved to “observer.product”

For questions or assistance, please contact our support team.

Integrations News & Updates 🎉

Our SOC platform has been upgraded with new intakes and improved connectors for better security insights. Here's a quick overview of the latest updates:

1. OpenVPN: Access logs and connection events detection with our CTI rules. Learn more.
2. Checkpoint Harmony Mobile: Alerts collection for mobile devices. Learn more.
3. Azure Monitor for Azure Files: Events collection and access monitoring for sensitive files. Learn more.
4. Microsoft IIS: Access logs. Learn more.
5. Darktrace: Enhanced connector supporting "AI Analyst" events. Learn more.
6. Cato: SASE connector for comprehensive event collection (Firewall, IPS, Malware detection, Network connection and more). Learn more.

These updates offer advanced security monitoring and incident response tools. For questions or assistance, please contact our support team.

4 new integrations available in public beta! 🚀

We're excited to announce the launch of four new integrations available for effortless connection to the Sekoia SOC Platform: AD Audit Plus, Sonicwall Secure Mobile Access, Trellix Network Security, and Trend Micro Email Security.

Please take a look at these new integrations and give us your feedback!

To see all of our available integrations, visit our integrations catalog.

🌟 6 new network integrations now live in Sekoia SOC Platform! 🚀


We are thrilled to announce the addition of six powerful network integrations to Sekoia.io SOC platform, enhancing your threat detection capabilities and further simplifying incident management. These new integrations are Cato Networks SASE, Cisco NX-OS, OGO WAF, OPNSense, Skyhigh Secure Web Gateway, and SonicWall Firewall.

These integrations bring a host of benefits to your cybersecurity efforts:

🔍 Anomaly detection: Add an extra layer of threat detection with anomaly detection capabilities.

🌐 Threat intelligence: Leverage Sekoia.io threat intelligence to develop confirmed threat alerts.

👁️ Improved visibility: Simplify incident management and enhance your overall visibility into network security.

🔥 Firewall context for XDR: Monitor IP addresses, URLs, and domains, allowing for effective blocking at the network perimeter and alerting for triaging and correlation.

These integrations are designed to elevate your network security efforts, streamline incident response, and ultimately bolster your organization's resilience to cyber threats.

Get started today and boost your security!

🌟 4 new Cloud & SaaS integrations out of beta! 🌟

To improve the way you secure your digital ecosystem, we are excited to announce four new cloud and SaaS integrations coming out of beta.

Now you can seamlessly connect to the Sekoia.io platform with AWS GuardDuty, Palo Alto Cortex Data Lake, Salesforce, and Varonis.

With these integrations, you can reduce security risks, easily manage policies, and strengthen your applications in hybrid environments. Whether you're fighting cyber threats, protecting against OWASP attacks, or extending web security, Sekoia.io has you covered.

Don't miss the opportunity to enhance your security posture with these powerful integrations. Stay tuned for more updates!

🚀 Unveiling 3 new integrations for enhanced email security!


We've just rolled out of beta three new integrations, and they are set to improve the way you protect your organization's email communications.

🌟 Let's meet the new email integrations that you can now connect instantly with Sekoia.io: Vade Cloud, Cisco ESA and Microsoft 365. We're all about maximizing the efficiency of your existing tools!

Here's a deeper dive into what these integrations bring to the table:

🔒 Visualize threats: With these new integrations, you can now gain unprecedented visibility into email threats. Understand the intricate relationships between messages, senders, and potential targets.

📈 Get actionable insights: Knowledge is key in the world of cybersecurity, and these integrations provide you with real-time alerts. Stay one step ahead of cyber threats by receiving timely insights that enable you to proactively defend your organization.

🤖 Automate workflows: In the battle against phishing attacks, malware, and other email-based threats, speed is of the essence. With Sekoia.io, you can automate workflows, empowering your security teams to respond swiftly and decisively.

These integrations are available right now. Boost your email security today! 💪

7 new and improved integrations supercharge Sekoia.io XDR's endpoint capabilities! 🚀

We are thrilled to announce the addition of seven powerful integrations to the endpoint category of our Sekoia XDR platform. These integrations bring a new level of threat detection and response capabilities to your cybersecurity arsenal, making your organization more resilient in the face of evolving cyber threats.

The lineup of 7 new endpoint technologies now out of beta includes:

  1. Crowdstrike Falcon Telemetry
  2. Microsoft 365 Defender
  3. Sophos EDR
  4. Trend Micro Apex One
  5. WithSecure Elements
  6. VMware ESXi
  7. VMware vCenter

By bringing these technologies together in the Sekoia XDR platform, we make it easier than ever to protect your endpoints and respond effectively to security incidents.

If you have any questions or need assistance with these integrations, our support team is here to help. 💪🔒

🚀 6 new Identity & Access Management integrations now out of beta!


We're thrilled to announce the official release of six new integrations in our Identity & Access Management (IAM) category.

These integrations are ready to elevate your security and monitoring capabilities for identity logs.

With Sekoia.io's powerful correlation engine, you can easily correlate IAM logs and also leverage its effective anomaly detection engine.

Which new IAM tools can now be seamlessly connected to the Sekoia.io platform?

  1. Cisco Duo Security
  2. Cisco ISE
  3. Cloudflare Access Requests
  4. Crowdstrike Falcon (Identity Protection)
  5. Jumpcloud Directory Insights
  6. RSA SecurID

Why is it crucial to monitor the logs from your IAM tools?

  • Enhanced visibility - Monitor user activities and identify any unusual or suspicious access patterns.
  • Security threat detection - Detect unusual or unauthorized access attempts, potentially indicating security threats like credential theft or unauthorized access.
  • Real-time incident response - Respond promptly if suspicious activities or anomalies are detected, preventing potential security breaches from escalating.

For those using any of these technologies, be sure to check out our Intakes page!

Integration: winlogbeat and Cisco Meraki MX now available

SEKOIA.IO releases two new formats in general availability: winlogbeat and Cisco Meraki MX.

Winlogbeat

Winlogbeat is an open-source log collector for Windows. With this new format, you can now ingest events from the Winlogbeat agent into SEKOIA.IO.

See our documentation to set your Winlogbeat intake.

Cisco Meraki MX

Monitor activity on your network with our Cisco Meraki MX format.

Please, refer to our documentation to set up this integration.

Get Cybereason's Malops and Telemetry in SEKOIA.IO 🦉

Last year, SEKOIA.IO integrated Cybereason's Malop activities, allowing you to see changes on a Malop.

Today, SEKOIA.IO releases its new integration with Cybereason to collect Malops and telemetry.


Use our dedicated connector to collect events.


See our documentation to set up your Cybereason intake.